PatchSiren cyber security CVE debrief
CVE-2022-48935 Siemens CVE debrief
A vulnerability in the Linux kernel's netfilter nf_tables subsystem stems from flowtable hooks not being unregistered when a network namespace exits. A hook left registered after its namespace has been torn down can keep referencing memory that has already been freed, which is a use-after-free condition. Siemens has assessed this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability was resolved in the Linux kernel by ensuring that flowtable hooks are cleaned up during netns teardown. Organizations should apply vendor-provided updates and follow defense-in-depth practices for industrial control systems.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure including SCALANCE X-family switches and RUGGEDCOM devices, particularly those in critical infrastructure sectors. Security teams responsible for OT/ICS environments should prioritize this for patch management cycles.
Technical summary
The vulnerability exists in the Linux kernel's netfilter nf_tables subsystem, where flowtable hooks were not unregistered when a network namespace exited. A hook that outlives its namespace can still be invoked on the packet path and dereference the flowtable memory that was freed during teardown, giving a use-after-free condition. The fix unregisters flowtable hooks as part of netns exit so that no dangling hook remains. Affected Siemens products run SINEC OS, which incorporates the vulnerable Linux kernel components. The CISA advisory indicates the vulnerability was initially mischaracterized in its impact assessment, with subsequent revisions correcting the affected products list.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates for affected Siemens SCALANCE and RUGGEDCOM products when available
- Implement network segmentation for industrial control systems per CISA recommended practices
- Monitor for anomalous network behavior on affected devices
- Review and apply defense-in-depth strategies for ICS environments
- Verify current SINEC OS version and upgrade to supported release (3.1 or later)
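The last recommended action asks operators to confirm which devices are still on a SINEC OS release older than 3.1. The following triage helper is an added example, not part of the PatchSiren debrief and not a Siemens tool: it reads a constructed CSV-style inventory (hostname, product, SINEC OS version), parses the version strings, and returns the devices that need attention. The 3.1 threshold is taken from the advisory text above; the inventory format, hostnames and version values are assumptions made up for the example. Devices whose version cannot be parsed are reported rather than silently skipped, since an unknown version is an unverified device.

```python
"""Flag SINEC OS devices that are below the supported release.

Added example for the CVE-2022-48935 debrief; not vendor code.
Assumes a constructed inventory with columns hostname,product,sinec_os_version.
"""
import csv
import io
import re

# "3.1 or later" per the recommended defensive actions above.
MIN_SUPPORTED = (3, 1)

# Constructed sample inventory; hostnames and versions are not real data.
SAMPLE_INVENTORY = """\
hostname,product,sinec_os_version
sw-plant-01,SCALANCE XC208,2.4.1
sw-plant-02,SCALANCE XC208,3.1.0
rst-site-a,RUGGEDCOM RST2428P,3.0.2
rst-site-b,RUGGEDCOM RST2428P,3.2
sw-lab-01,SCALANCE XR324,unknown
"""

_VERSION_RE = re.compile(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*")


def parse_version(text):
    """Return (major, minor[, patch]) as ints, or None if the string is not a version."""
    m = _VERSION_RE.fullmatch(text or "")
    if not m:
        return None
    return tuple(int(g) for g in m.groups() if g is not None)


def needs_upgrade(version_text, minimum=MIN_SUPPORTED):
    """True when the device is below the minimum release or its version is unknown."""
    version = parse_version(version_text)
    if version is None:
        return True  # unverified: treat as needing a look, never as compliant
    # Compare on major.minor only; the advisory names a release, not a patch level.
    return version[:2] < minimum


def triage(inventory_csv, minimum=MIN_SUPPORTED):
    """Return a list of dicts for every device that needs an upgrade or verification."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        raw = row.get("sinec_os_version", "")
        version = parse_version(raw)
        if version is None:
            reason = "version not parseable; verify manually"
        elif version[:2] < minimum:
            reason = "below %d.%d" % minimum
        else:
            continue
        findings.append({
            "hostname": row["hostname"],
            "product": row["product"],
            "version": raw.strip(),
            "reason": reason,
        })
    return sorted(findings, key=lambda f: f["hostname"])


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print("%-12s %-22s %-8s %s" % (f["hostname"], f["product"], f["version"], f["reason"]))
```

Point the script at an export from your asset inventory instead of `SAMPLE_INVENTORY`; the output is the list to cross-check against the Siemens advisory before scheduling firmware updates.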
Evidence notes
The vulnerability description indicates a kernel-level netfilter/nf_tables issue resolved by unregistering flowtable hooks on network namespace exit. Siemens ProductCERT advisory SSA-613116 (referenced via CISA CSAF ICSA-25-226-15) identifies affected products including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The advisory was initially published 2025-08-12 and most recently updated 2026-02-25 to reflect corrections to the affected products list and the removal of rejected CVEs. No CVSS score is provided in the source material.
Official resources
- CVE-2022-48935 CVE record (CVE.org)
- CVE-2022-48935 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12